Rupesh Kumar wrote: > I am using latest freeradius server (version 2.1.8).
Which AP && supplicant (client PC) are you using? > I have two authenticated sessions established with radius server and > when disable and reenable the dot1x sessions, then I am seeing the > following error and one request is getting Reject message from the server. ... > Is it a known issue in radius server or what is the root cause of it. The supplicant and/or the Access Point is broken. > I have attached radius server failure log messages The supplicant starts EAP, and the server responds with a request for EAP-TLS. The supplicant NAKs it, and asks for EAP-MD5. The server responds with EAP-MD5. The supplicant then responds with a NAK for EAP-MD5. This packet from the AP contains the *old* State variable from the previous NAK. A close look at the packet traces shows that either the supplicant is re-using the old NAK (and confusing the AP), or the AP is re-using an old packet (and confusing the supplicant). Either way, the packet traces on the server show that the server is behaving correctly. The error message about "no matching state" is because the server has moved on to the *next* step of EAP, and it receives a packet from the *previous* step. So there really is "no matching state". Try using another supplicant and/or AP. You won't be able to fix this by editing the server configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html